Hi,

I have a router with 2 ether and a ppp tunnel. One of the eth (dc0) is linked to my office network (inside lan, 212.43.217.56/29). The second (vr0) is linked to a lan which has internet access (outside lan 192.168.0.0/24). The ppp tunnel (tun0) links us to the outside and is the default route of my router, so that people on the outside lan don't see what we do (we're hosted by a customer, and for privacy reasons...).

What I try to achieve is to route the main traffic through tun0, but to route some, say imap traffic, through vr0, directly to the internet without passing through the ppp tunnel.

This router used to be a linux 2.4 box, and with iptables, I could tag packets and route them differently. Now, it's a FreeBSD 4.8, and I try to achieve the same thing :)

So, I've tried many things, without success though. My last attempt was:

ipnat:

    map vr0 from 212.43.217.56/29 to any -> 192.168.0.10/32

ipf:

    pass in log quick on dc0 to vr0 proto tcp from any to any port = imap

The nat part works, because if I shut down the vpn and add back the default route via my customer's network, I can do everything too. With this ipf rule, when I telnet <host> imap, I see things like:

    MAP 212.43.217.58 1793 <- -> 192.168.0.10 1793 [212.43.217.9 143]

Which tends to tell me that I'm doing it right. Somehow... When I tcpdump on dc0, I see packets arriving, but when I tcpdump on vr0, I see nothing.

Maybe what I'm trying to achieve can't be done :/ maybe I'm doing something wrongly, but anyway... If anyone has an idea... :)

-- 
Mathieu Arnold
